Call center services are typically provided by service providers to enable clients to access, modify, delete or otherwise control their accounts. From a security standpoint call centers can be the riskiest areas of an enterprise because call center transactions may expose sensitive customer information to malicious third parties. Up to 90% of the calls received on any given day at customer call centers are from fraudulent callers attempting to improperly gain access to customer accounts.
To address these security concerns, the Payment Card Industry Security Standards Council (PCI SSC) manages the ongoing evolution of the Payment Card Industry (PCI) security standards. Service providers are responsible for enforcing compliance with PCI standards to protect sensitive customer data. For example, the PCI standards may dictate authentication standards to be followed prior to permitting a client to access and/or modify customer account information. Call centers may require client authentication in the form of exchange of passwords, answers to personal questions, biometric data or the like. However, authentication techniques are often undesirably subject to issues such as “spoofing” and “phishing” where imposters mask or modify incoming numbers, email addresses, IP addresses, etc., to pose as clients in an attempt to steal information or funds. External risks are also posed by hackers that monitor service provider communications, in particular, call center communications, for the purpose of stealing customer information.